CyberSec.Space Logo
Back to CVE Browser

CVE-2014-9264

HIGH
7.5
CVSS Severity Score
EPSS Score0.0300%
EPSS Percentile20.95th
PublishedDec 11, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.

Affected Platforms (CPE)

πŸ“¦
Sap

Sql Anywhere

All versions

References & Advisories

πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-412/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-413/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-414/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-415/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-412/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-413/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-414/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-415/

Related Vulnerabilities

CVE-2008-091210.0

Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer ...

CVE-2019-97599.8

An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_cen...

CVE-2004-23407.5

** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execu...

CVE-2019-03815.5

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0...